conntrack: T3579: initial implementation with XML and Python

author: Christian Poessinger <christian@poessinger.com> 2021-05-25 21:53:54 +0200
committer: Christian Poessinger <christian@poessinger.com> 2021-05-27 08:30:51 +0200
commit: 5eadedcc1e5c40da81031b77b8965baa3087e2b3 (patch)
tree: 5883c10b79ed394a79c6e332d022976be1459f6d /data
parent: d12f945d24fd9098e69620d84699b61bd7838c99 (diff)
download: vyos-1x-5eadedcc1e5c40da81031b77b8965baa3087e2b3.tar.gz
vyos-1x-5eadedcc1e5c40da81031b77b8965baa3087e2b3.zip
3 files changed, 30 insertions, 0 deletions
diff --git a/data/configd-include.json b/data/configd-include.json
index f241d0cb6..712df3f19 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -1,5 +1,6 @@
 [
 "bcast_relay.py",
+"conntrack.py",
 "dhcp_relay.py",
 "dhcpv6_relay.py",
 "dns_forwarding.py",
diff --git a/data/templates/conntrack/sysctl.conf.tmpl b/data/templates/conntrack/sysctl.conf.tmpl
new file mode 100644
index 000000000..9e97c3286
--- /dev/null
+++ b/data/templates/conntrack/sysctl.conf.tmpl
@@ -0,0 +1,26 @@
+# Autogenerated by conntrack.py
+{# all values have defaults - thus no checking required #}
+
+net.netfilter.nf_conntrack_expect_max = {{ expect_table_size }}
+net.netfilter.nf_conntrack_max = {{ table_size }}
+
+net.ipv4.tcp_max_syn_backlog = {{ tcp.half_open_connections }}
+
+net.netfilter.nf_conntrack_tcp_loose = {{ '1' if tcp.loose == 'enable' else '0' }}
+net.netfilter.nf_conntrack_tcp_max_retrans = {{ tcp.max_retrans }}
+
+net.netfilter.nf_conntrack_icmp_timeout = {{ timeout.icmp }}
+net.netfilter.nf_conntrack_generic_timeout = {{ timeout.other }}
+
+net.netfilter.nf_conntrack_tcp_timeout_close_wait = {{ timeout.tcp.close_wait }}
+net.netfilter.nf_conntrack_tcp_timeout_close = {{ timeout.tcp.close }}
+net.netfilter.nf_conntrack_tcp_timeout_established = {{ timeout.tcp.established }}
+net.netfilter.nf_conntrack_tcp_timeout_fin_wait = {{ timeout.tcp.fin_wait }}
+net.netfilter.nf_conntrack_tcp_timeout_last_ack = {{ timeout.tcp.last_ack }}
+net.netfilter.nf_conntrack_tcp_timeout_syn_recv = {{ timeout.tcp.syn_recv }}
+net.netfilter.nf_conntrack_tcp_timeout_syn_sent = {{ timeout.tcp.syn_sent }}
+net.netfilter.nf_conntrack_tcp_timeout_time_wait = {{ timeout.tcp.time_wait }}
+
+net.netfilter.nf_conntrack_udp_timeout = {{ timeout.udp.other }}
+net.netfilter.nf_conntrack_udp_timeout_stream = {{ timeout.udp.stream }}
+
diff --git a/data/templates/conntrack/vyos_nf_conntrack.conf.tmpl b/data/templates/conntrack/vyos_nf_conntrack.conf.tmpl
new file mode 100644
index 000000000..111459485
--- /dev/null
+++ b/data/templates/conntrack/vyos_nf_conntrack.conf.tmpl
@@ -0,0 +1,3 @@
+# Autogenerated by conntrack.py
+options nf_conntrack hashsize={{ hash_size }} nf_conntrack_helper=1
+
author	Christian Poessinger <christian@poessinger.com>	2021-05-25 21:53:54 +0200
committer	Christian Poessinger <christian@poessinger.com>	2021-05-27 08:30:51 +0200
commit	5eadedcc1e5c40da81031b77b8965baa3087e2b3 (patch)
tree	5883c10b79ed394a79c6e332d022976be1459f6d /data
parent	d12f945d24fd9098e69620d84699b61bd7838c99 (diff)
download	vyos-1x-5eadedcc1e5c40da81031b77b8965baa3087e2b3.tar.gz vyos-1x-5eadedcc1e5c40da81031b77b8965baa3087e2b3.zip